BW 5288.00025 NC 17414
METHOD OF PRE-AUTHORIZING HANDOVERS
AMONG ACCESS ROUTERS IN COMMUNICATION NETWORKS
FIELD OF THE INVENTION
[01] The invention relates generally to telecommunications networks. More particularly,
the invention provides a method and apparatus for pre-authorizing handovers of
mobile terminals among access routers in communication networks, such as wireless
networks.
BACKGROUND OF THE INVENTION
[02] Mobile devices can provide both voice-based connections and packet-based data
connections using different base stations and infrastructures. For example, a Web-
enabled cell phone might maintain a voice connection using a first transmission
channel and maintain a mobile IP connection using a second (and independent)
transmission channel, such that handoffs occur independently for the two channels.
Alternatively, voice services can be combined with packet services, such that a single
connection is maintained for both services. Voice connections can also be provided
over IP in a combined service.
[03] FIG. 1 shows a network with mobility features that covers three service areas SA1,
SA2, and SA3. As shown in FIG. 1, a mobile terminal MT is within service area SA1
served by base station BS1 (also called an access point or AP). A service area
generally refers to the radio coverage associated with a radio tower/base station.
[04] Base station BS1 is connected to an access router AR1, which provides access to the
Internet. Other base stations such as BS3 may also be connected to access router
AR1, such that a common IP address is used for mobile terminals even though the
terminals may pass through different service areas. In other words, although there
may be a hand off of radio frequency channels when the mobile terminal moves
between service area SA1 and service area SA3, it may not be necessary to change the
421217_1.DOC
IP address used to communicate with the mobile terminal because the Internet
connection is still served by the same access router AR1.
[05] A second service area SA2 is served by a separate base station BS2, which is in turn
connected to a different access router AR2. Due to the network topology, access
routers AR1 and AR2 use different blocks of IP addresses for communicating with
mobile terminals roaming within their associated service areas. If mobile terminal
MT moves from service area SA1 to service area SA2, some mechanism is needed to
hand off the Internet connection from access router AR1 to access router AR2.
Similarly, if service areas SA1 and SA2 are separated by a large logical distance (e.g.,
AR1 and AR2 are connected to different ISPs), some coordination mechanism is
needed to permit data transmitted to a terminal previously operating in service area
SA1 to be forwarded to service area SA2 if that terminal moves into area SA2.
[06] One conventional scheme for handing off IP connections is depicted in FIG. 2.
Service area SA1 is served by access router AR1, which is designated the "home
agent" for communicating with a particular mobile terminal MT. While mobile
terminal MT moves within service area SA1, correspondence nodes communicate
with the mobile terminal using an IP address that is assigned by the access router AR1
to the mobile node. IP packets (e.g., e-mail, Web pages, and the like) are transmitted
over the Internet to the home network and are forwarded to the mobile terminal
through the home agent.
[07] If the mobile terminal MT moves to a different service area SA2, served by a different
access router AR2, packets that were previously transmitted to AR1 will no longer
reach the mobile terminal.
[08] One conventional approach for handing off mobile nodes is to advertise (e.g.,
broadcast) the existence of access router AR2 in service area SA2, such that when
mobile terminal MT moves into service area SA2, it is notified of the existence of
access router AR2, and it receives a new IP address for communicating within service
area SA2. The mobile terminal MT then sends a binding update to home agent AR1
(e.g., through a land line LL or over the Internet), so that home agent AR1 knows the
IP address that will allow packets to reach the mobile terminal in service area SA2.
The home agent treats this address as a "care of" address, and all further packets to
the mobile terminal's home address are forwarded to the new IP address. In essence,
two separate IP addresses are used to communicate with the mobile terminal; a home
agent address and a care of address that changes when the MT moves into a new
service area.
[09] When a mobile node moves from one access router to another, the packet forwarding
path of sessions to and from the mobile node changes. In order to minimize the
impact of a change in access routers, relevant context is transferred from the
originating access router to the new access router. As described in H. Syed et al.,
"General Requirements for a Context Transfer Framework," draft Internet
Engineering Task Force Seamoby requirements work in progress (May 2001), the
context transfer protocol entities may, in the process of establishing and supporting
context transfer, acquire information that would be useful to the handover process in
determining the new forwarding path; for example, the outcome of an admission
control decision at a receiving access router.
[10] A mobile terminal may move into an area that is served by two or more access
routers. As with cellular telephone roaming, however, the mobile terminal may not be
authorized to be handed off to certain access routers. Conventional handovers of
mobile terminals from an originating access router to a target access router occur
before determining whether the target access router is in fact authorized to service the
mobile terminal. After the target access router accepts a handoff of a mobile terminal,
it may perform a check to determine whether the mobile terminal is authorized to be
serviced. If it is not, the service connection is dropped.
[11] In other words, the handover decision from one AR to another AR is conventionally
handled independently of whether the mobile terminal is authorized to roam into the
network of the new AR. Typically, the mobile terminal is handed over to the new
AR, then an authorization process ensues to determine whether the mobile terminal is
authorized to roam into the new network. However, dropping the service connection
with an unauthorized mobile terminal unnecessarily wastes resources, such as
maintaining a connection with the mobile terminal for a period of time before the
unauthorized service is discovered. It also wastes radio frequency spectrum, since
radio resources are allocated to the mobile node prior to authorization. If the mobile
node is determined not to be authorized, then radio resources must be revoked upon
such determination of lack of authorization.
[12] If there are several candidate access routers to which handover could result, for
example those providing different access technologies (e.g., IEEE 802.11 WLANs or
Bluetooth), a mobile node may not be authorized to roam into the network of certain
service providers. Consequently, the conventional scheme for performing handoffs to
access routers wastes resources and can delay handover processing.
[13] What is needed is a system and method for addressing some or all of the
aforementioned problems.
SUMMARY OF THE INVENTION
[14] The invention provides a system and method to facilitate handoffs among access
routers in networks such as wireless networks. According to one aspect of the
invention, an originating access router inquires as to whether a target access router is
authorized to accept a handoff of a mobile terminal and, if such authorization exists,
initiates the handoff to the target access router. According to another variation of the
invention, the target access router queries a home network to determine whether the
mobile terminal is authorized to be handed off to the target access router and does not
initiate the handoff operation until such authorization has been obtained.
Authorization may be provided on the basis of static information, such as
administrative approval, or on the basis of dynamic information, such as loading
conditions.
[15] In both embodiments, authorization of a mobile node's handover from one access
router to another takes place prior to the actual handover. The inventive mechanism
also allows for authorization for mobile nodes before a handover takes place even
between heterogeneous networks. If there are several candidate access routers to
which handover could result, then obtaining authorization information could help in
determining the most favorable access router to which the handover should be made.
Where more than one service provider permits roaming for a given mobile node,
knowledge of relevant authorization information from the different service providers
can allow for an optimal handover decision. Radio resources associated with the
target access router are not used until a decision to hand over the mobile terminal has
been made.
BRIEF DESCRIPTION OF THE DRAWINGS
[16] FIG. 1 shows a conventional network covering three service areas SA1, SA2, and
SA3.
[17] FIG. 2 shows a conventional scheme for handing off a mobile terminal between
access routers, wherein the mobile terminal registers with a home agent AR1 but also
communicates using a second IP address through a "care of" agent AR2.
[18] FIG. 3 shows a system according to one aspect of the invention, wherein the handoff
of a mobile terminal from an originating access router to a target access router does
not occur until after a determination is made as to whether the target access router is
authorized to service the mobile terminal.
[19] FIG. 4 shows a second embodiment of a system according to the invention using
session initiation protocol (SIP) to traverse one network boundary and AAA protocol
to traverse another network boundary.
[20] FIG. 5 shows one possible configuration for an authorization database 501,
authorization checker 503, and loading detection module 502.
[21] FIG. 6 shows a flow chart illustrating steps of a method for handing off a mobile
terminal to a target access router only after verifying that the target access router is
authorized to accept a hand-off of the mobile terminal.
DETAILED DESCRIPTION OF THE INVENTION
[22] FIG. 3 shows a system employing various principles of the invention. As shown in
FIG. 3, a first access router AR1 serves a first service area SA1 in which a mobile
terminal MT may be located. Although not explicitly shown in FIG. 3, it is assumed
that each access router transmits and receives data packets through one or more base
stations that cover corresponding geographic areas. It is also assumed that each
access router provides Internet-compatible services (e.g., IP protocol compatibility)
such that data packets received at each router can be forwarded to one or more mobile
terminals within the corresponding service area, although the invention is not limited
in this respect.
[23] Suppose that mobile terminal MT moves from area SA1, which is served by access
router AR1, to area SA2, which is served by access router AR2. It is assumed that
access routers AR1 and AR2 communicate either directly or indirectly (e.g., through
the Internet, land lines, other devices, or wireless means) as depicted by path 301 such
that AR1 can effect a handoff of mobile terminal MT to AR2. AR2 further
communicates with an AAA server AS1 as depicted by path 302. AAA refers to
Authentication, Authorization and Accounting, which generally defines protocols and
services relating to accounting and authorization for network services; see, e.g., IETF
RFC 2924, September 2000 and "Diameter Mobile IPv4 Application," Internet Draft,
July 2001. Server AS1 communicates with a home server HS located in a home
network SA3, as depicted by path 303. Home server HS contains authorization
information AUTH as explained in more detail below.
[24] As shown in FIG. 3, communication path 301 between AR1 and AR2 may be
implemented using the Session Initiation Protocol (SIP), whereas communication path
302 between AR2 and AS1 may be implemented using an AAA protocol such as
DIAMETER. Communication path 303 between AS1 and home server HS may also
be implemented according to the DIAMETER protocol. In one variation, AR1
transmits a SIP message with an OPTION method that contains details regarding the
mobile terminal and the target access router AR2. This message is then translated
into a suitable DIAMETER message for transport over the interfaces where
DIAMETER is used. The Session Initiation Protocol (SIP) is described in the Internet
Engineering Task Force (IETF) Request for Comment number 2543.
[25] According to one aspect of the invention, prior to performing the handoff of mobile
terminal MT from AR1 to AR2, access router AR1 contacts AR2 to inquire about
authorization information for mobile terminal MT. AR2 in turn contacts server AS1
for such information, which in turn contacts home server HS via path 303 to
determine whether the mobile terminal is authorized to be handed off to access router
AR2. If the mobile terminal is authorized, the handoff proceeds; otherwise, the
handoff is aborted. Arranging a handoff may include procedures of context transfer
(see, e.g., R. Koodli and C. Perkins, "A Context Transfer Framework for Seamless
Mobility," Work in Progress, Internet Draft, February 2001), or fast handover (see,
e.g., G. Tsirtsis et al., "Fast Handovers for Mobile IPv6," Work in Progress, Internet
Draft, April 2001).
[26] According to one aspect of the invention, radio resources are not used during the
authorization process in order to determine whether the handoff should proceed. For
example, AR2 need not allocate a radio channel to communicate with the mobile
terminal until after it has been determined that the mobile terminal is authorized to be
handed off to AR2.
[27] The linking of an access router such as AR2 to an AAA server such as AS1 via
DIAMETER, and the further linking of an AAA server such as AS1 to a home
network server such as HS via the DIAMETER protocol, is conventional and
described in the 3rd Generation Partnership Project (3GPP2) specification TS 23.228
version 5.0.0 (April, 2001). However, the use of the architecture in the manner
described above to perform pre-handover authorization between two access routers
serving different networks is not conventional.
[28] FIG. 4 shows an alternate embodiment according to the invention. According to this
embodiment, AR1 communicates with AR2 using the SIP protocol as indicated by
path 401. AR2 communicates with a SIP server SS1 also according to the SIP
protocol as indicated by path 402. SIP server SS1 communicates with a SIP server
SS2 in the home network as indicated by path 403. Finally, SIP server SS2
communicates with AAA server HS using the DIAMETER protocol, as indicated by
path 404. All of these communication paths are intended to be illustrative only; other
protocols and communication methods can be used to inquire about authorization
information in accordance with the invention. For example, authorization information
can be pre-stored or cached in a particular access router, avoiding the need to access a
home network.
[29] FIG. 5 shows one possible embodiment of an authorization database such as database
AUTH shown in FIG. 3 and FIG. 4. Authorization information may comprise static
information (e.g., an administratively created list of mobile terminals and the access
routers to which they are authorized to be handed off), or dynamically changing
information (e.g., authorization based on dynamic loading conditions or other
criteria). Additionally, authorization information may be limited by time of day, or a
subscription plan to which a mobile subscriber belongs (e.g., a "gold" plan allowing
access to all routers; a "silver" plan allowing access to certain routers; and a "basic"
plan allowing access to a limited number of access routers).
[30] In one embodiment, subscribers using mobile terminals are identified according to an
identifier such as an International Mobile Subscriber Identity (IMSI), which is typically
recorded in the nonvolatile memory of a mobile terminal such as a mobile telephone.
The location of mobile terminals can be identified according to a hierarchical
identification scheme, such as a concatenation of Public Line Mobile Network
(PLMM) identifier, local area identifier, and base station identifier. Other schemes
for identifying subscribers of mobile terminals as well as their location, and storing
authorization information for such mobile terminals in a database, are possible.
[31] As shown in FIG. 5, an authorization checker function 503, which may be
implemented in software within home server HS, checks for a given mobile ID
whether the mobile ID is authorized to be handed off to a given candidate access
router. In one variation, the authorization comprises a simple table look-up based on
a list of allowed access routers for a given mobile terminal. In alternate embodiments,
more sophisticated authorization may be stored. For example, certain mobile
terminals may be restricted from accessing certain access routers except during a
particular time of day. Mobile terminal subscribers may be assigned to a subscription
plan that determines the level of access (e.g., how many access routers and under
what conditions they can be accessed for handoff operations). Moreover, dynamic
authorization information can be used to authorize mobile terminals on the basis of
dynamic conditions such as loading of a particular access router. In this regard, a
loading detection module 502 can be implemented to operate in conjunction with a
loading parameter to modify the allowed list of access routers based on how heavily
the access routers are loaded, such that subscribers who pay extra money get
preference during peak loading conditions. Current loading conditions can be
provided from access routers to home network servers in order to share information
concerning loading conditions. Other variations are of course possible.
[32] FIG. 6 shows a flow chart illustrating various steps that can be carried out in
accordance with the invention. In step 601, a mobile terminal wishes to move from
an area serviced by a first access router AR1 to an area serviced by a second access
router AR2. This can be determined by the mobile terminal receiving an
advertisement from the second access router including a router ID. In some cases, the
current AR may detect the mobile terminal roaming into another service area and
wish to instruct the mobile terminal to go to a particular router and connect to a
particular access point.
[33] In step 602, access router AR1 sends an inquiry to AR2 inquiring about authorization
for the mobile terminal to be handed off to AR2. In an alternate embodiment, shown
at steps 608 and 609, AR1 sends the inquiry to the home server for an authorization
check, bypassing steps 602 through 604. As discussed above, access router AR2 may
have pre-stored information regarding authorizations for particular mobile terminals
to be handed off, avoiding the need for steps 602 through 604 and 608 altogether. In
other words, the database query could occur locally within AR2 rather than requiring
transmissions to another computer.
[34] In step 603, AR2 forwards the inquiry to an AAA server, which in step 604 forwards
the request to a home server corresponding to the mobile terminal. In step 605, a
determination is made as to whether the mobile terminal is authorized to be handed
off to AR2 using the principles outlined above. If the mobile terminal is not
authorized to be handed off to AR2, then in step 606 the handoff is rejected,
preferably without using any radio frequency resources between AR2 and the mobile
terminal. On the other hand, if the mobile terminal is authorized, then in step 607 the
handoff to AR2 is initiated. In the embodiment shown in FIG. 4, the steps are
modified slightly to account for the existence of SIP servers SS1 and SS2.
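The authorization checker of FIG. 5 and the decision flow of FIG. 6 can be modeled as follows. This is an added Python example, not code from the application: the class and function names, the plan-to-router mapping, the PEAK_LOAD threshold and the sample IMSIs are assumptions, and the AAA hop of steps 603 and 604 is collapsed into a direct call.

```python
from dataclasses import dataclass, field
from datetime import time

# Constructed policy and data: plan names follow the text; router sets, the
# threshold and the sample IMSI below are assumed for illustration.
PLAN_ROUTERS = {"gold": None, "silver": {"AR1", "AR2"}, "basic": {"AR1"}}  # None = all
PLAN_RANK = {"basic": 1, "silver": 2, "gold": 3}
PEAK_LOAD = 0.8  # assumed loading parameter: at or above this only "gold" is admitted

@dataclass
class Subscriber:
    plan: str
    allowed: set                               # static administrative list of routers
    hours: dict = field(default_factory=dict)  # router -> (start, end) time-of-day window

def in_window(now, start, end):
    """True if now is inside the window; handles windows that wrap past midnight."""
    return start <= now <= end if start <= end else (now >= start or now <= end)

class HomeServer:
    """Home server HS: database 501, checker 503, load input from module 502."""

    def __init__(self, subscribers):
        self.subscribers = subscribers         # IMSI -> Subscriber
        self.load = {}                         # router -> last reported load, 0.0 to 1.0

    def report_load(self, router, load):
        self.load[router] = load

    def check(self, imsi, router, now):
        sub = self.subscribers.get(imsi)
        if sub is None:
            return False, "unknown subscriber"  # default deny
        if router not in sub.allowed:
            return False, "router not in allowed list"
        covered = PLAN_ROUTERS.get(sub.plan, set())  # unknown plan covers nothing
        if covered is not None and router not in covered:
            return False, "plan does not cover router"
        window = sub.hours.get(router)
        if window and not in_window(now, *window):
            return False, "outside permitted hours"
        peak = self.load.get(router, 0.0) >= PEAK_LOAD
        if peak and PLAN_RANK.get(sub.plan, 0) < PLAN_RANK["gold"]:
            return False, "router at peak load"
        return True, "authorized"

class TargetRouter:
    """AR2: answers the inquiry and allocates a radio channel only on handoff."""

    def __init__(self, name, home):
        self.name, self.home = name, home
        self.radio_channels = {}               # IMSI -> channel; empty until step 607

    def inquire(self, imsi, now):
        # Steps 603-604 (AAA hop to the home server) are collapsed into one call.
        return self.home.check(imsi, self.name, now)

    def accept_handoff(self, imsi):
        self.radio_channels[imsi] = len(self.radio_channels) + 1

def pre_authorized_handover(target, imsi, now):
    """AR1 side (steps 602-607): inquire first, hand off only if authorized."""
    ok, reason = target.inquire(imsi, now)
    if not ok:
        return "rejected: " + reason           # step 606: no radio resources used
    target.accept_handoff(imsi)                # step 607
    return "handed off to " + target.name

if __name__ == "__main__":
    hs = HomeServer({"001010000000001": Subscriber("silver", {"AR2"}, {"AR2": (time(8), time(18))})})
    ar2 = TargetRouter("AR2", hs)
    print(pre_authorized_handover(ar2, "001010000000001", time(22)), ar2.radio_channels)
    print(pre_authorized_handover(ar2, "001010000000001", time(12)), ar2.radio_channels)
```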
[35] In an alternate embodiment, access router AR1 can query home server HS through
another path (e.g., directly or over the Internet), rather than going through access
router AR2. In this embodiment, access router AR1 may learn of the existence of
AR2 through other means (e.g., from the mobile terminal; through an administrative
table; or through a learning function that detects the existence of AR2 through queries
and responses).
[36] It should be appreciated that the principles of the invention can be applied not only to
mobile IP networks, but to networks of other types. For example, the inventive
principles can be applied to perform handovers between a wireless LAN and a GPRS
network.
[37] It should also be appreciated that access routers may cache authorization information,
avoiding the need to query the home network for authorization information. In the
configuration shown in FIG. 3, for example, access router AR2 may be provided with
authorization information for a plurality of mobile terminals from home network
server HS. Thereafter, AR2 can query its locally cached version of authorization
information in order to respond to an authorization inquiry from AR1. Moreover,
access router AR1 may query authorization information from home server HS through
another path (e.g., over the Internet), without going through access router AR2. Other
combinations and paths are of course possible.
[38] Any or all of the functions depicted in the figures can be implemented using computer
software executing on a general-purpose or special-purpose digital computer. The
authorization information can be stored in a computer memory, relational database, or
other data structure. Conventional access routers can be modified to incorporate the
functions illustrated in FIG. 3.
[39] As used herein, the term "mobile terminal" should be understood to include IP-
enabled cellular telephones and wireless telephones equipped to communicate using
other protocols; wirelessly accessible Personal Digital Assistants (PDAs) such as
those manufactured by PALM Inc.; notebook computers that can communicate
wirelessly; and other mobile devices that can communicate using packetized digital
communications over various transmission technologies (including CDMA, GSM,
TDMA, and others) or media (radio, infrared, laser, and the like).
[40] The term "access router" should be understood to include computer-implemented
devices that route packets, such as IP packets, to addresses in a network based on
routing information. However, it should be understood that access routers are
generally distinct from base stations/access points, which may rely on different
transmission schemes to transmit information (e.g., GSM or CDMA). One or more
base stations could be associated with a single access router, as shown in FIG. 1.
Alternatively, more than one access router could be associated with a single base
station.
[41] The term "mobile IP network" should be understood to include a network or networks
(even if incompatible in transmission technology or operated by different carriers)
that communicate wirelessly with mobile terminals using Internet Protocol.
[42] While the invention has been described with respect to specific examples including
presently preferred modes of carrying out the invention, those skilled in the art will
appreciate that there are numerous variations and permutations of the above described
systems and techniques that fall within the spirit and scope of the invention as set
forth in the appended claims. Any of the method steps described herein can be
implemented in computer software and stored on computer-readable medium for
execution in a general-purpose or special-purpose computer.